cvelistv5 - CVE-2015-7275

CVE-2015-7275 (GCVE-0-2015-7275)

Vulnerability from cvelistv5 – Published: 2017-04-10 03:00 – Updated: 2024-08-06 07:43

Summary

Dell Integrated Remote Access Controller (iDRAC) 6 before 2.85 and 7/8 before 2.30.30.30 has XSS.

Severity ?

No CVSS data available.

CWE

Assigner

certcc

References

URL

Tags

	http://en.community.dell.com/techcenter/extras/m/…	x_refsource_MISC
	http://www.securityfocus.com/bid/97520	vdb-entryx_refsource_BID

Impacted products

	Vendor	Product	Version
	n/a	Dell Integrated Remote Access Controller (iDRAC)	Affected: Dell Integrated Remote Access Controller (iDRAC)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T07:43:46.112Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://en.community.dell.com/techcenter/extras/m/white_papers/20441859"
          },
          {
            "name": "97520",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/97520"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Dell Integrated Remote Access Controller (iDRAC)",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Dell Integrated Remote Access Controller (iDRAC)"
            }
          ]
        }
      ],
      "datePublic": "2017-04-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Dell Integrated Remote Access Controller (iDRAC) 6 before 2.85 and 7/8 before 2.30.30.30 has XSS."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "XSS",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-04-11T09:57:01",
        "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "shortName": "certcc"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://en.community.dell.com/techcenter/extras/m/white_papers/20441859"
        },
        {
          "name": "97520",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/97520"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cert@cert.org",
          "ID": "CVE-2015-7275",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Dell Integrated Remote Access Controller (iDRAC)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Dell Integrated Remote Access Controller (iDRAC)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Dell Integrated Remote Access Controller (iDRAC) 6 before 2.85 and 7/8 before 2.30.30.30 has XSS."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "XSS"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://en.community.dell.com/techcenter/extras/m/white_papers/20441859",
              "refsource": "MISC",
              "url": "http://en.community.dell.com/techcenter/extras/m/white_papers/20441859"
            },
            {
              "name": "97520",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/97520"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
    "assignerShortName": "certcc",
    "cveId": "CVE-2015-7275",
    "datePublished": "2017-04-10T03:00:00",
    "dateReserved": "2015-09-18T00:00:00",
    "dateUpdated": "2024-08-06T07:43:46.112Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:dell:integrated_remote_access_controller_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"2.21.21.21\", \"matchCriteriaId\": \"0E3C465B-5015-45C6-A75A-BFCC92D18AB8\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:dell:integrated_remote_access_controller_7:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EB7BB99B-2CD4-4167-856B-1A0F4AA11926\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:dell:integrated_remote_access_controller_8:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CC18FF25-08D2-491B-9F7E-CBA00DDCA3A6\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:dell:integrated_remote_access_controller_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"2.80\", \"matchCriteriaId\": \"3F02C477-BE90-4FB7-B97D-7097B5EFE635\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:dell:integrated_remote_access_controller_6:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DFAED22C-96DC-4DE3-81A7-A23042874C67\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Dell Integrated Remote Access Controller (iDRAC) 6 before 2.85 and 7/8 before 2.30.30.30 has XSS.\"}, {\"lang\": \"es\", \"value\": \"Dell Integrated Remote Access Controller (iDRAC) 6 en versiones anteriores a 2.85 y 7/8 en versiones anteriores a 2.30.30.30 tiene XSS.\"}]",
      "id": "CVE-2015-7275",
      "lastModified": "2024-11-21T02:36:29.050",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\", \"baseScore\": 6.1, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 2.7}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:N/I:P/A:N\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2017-04-10T03:59:00.890",
      "references": "[{\"url\": \"http://en.community.dell.com/techcenter/extras/m/white_papers/20441859\", \"source\": \"cret@cert.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/97520\", \"source\": \"cret@cert.org\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://en.community.dell.com/techcenter/extras/m/white_papers/20441859\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/97520\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}]",
      "sourceIdentifier": "cret@cert.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-79\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2015-7275\",\"sourceIdentifier\":\"cret@cert.org\",\"published\":\"2017-04-10T03:59:00.890\",\"lastModified\":\"2025-04-20T01:37:25.860\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Dell Integrated Remote Access Controller (iDRAC) 6 before 2.85 and 7/8 before 2.30.30.30 has XSS.\"},{\"lang\":\"es\",\"value\":\"Dell Integrated Remote Access Controller (iDRAC) 6 en versiones anteriores a 2.85 y 7/8 en versiones anteriores a 2.30.30.30 tiene XSS.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":6.1,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":2.7}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dell:integrated_remote_access_controller_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.21.21.21\",\"matchCriteriaId\":\"0E3C465B-5015-45C6-A75A-BFCC92D18AB8\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dell:integrated_remote_access_controller_7:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EB7BB99B-2CD4-4167-856B-1A0F4AA11926\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dell:integrated_remote_access_controller_8:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CC18FF25-08D2-491B-9F7E-CBA00DDCA3A6\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dell:integrated_remote_access_controller_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.80\",\"matchCriteriaId\":\"3F02C477-BE90-4FB7-B97D-7097B5EFE635\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dell:integrated_remote_access_controller_6:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DFAED22C-96DC-4DE3-81A7-A23042874C67\"}]}]}],\"references\":[{\"url\":\"http://en.community.dell.com/techcenter/extras/m/white_papers/20441859\",\"source\":\"cret@cert.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/97520\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://en.community.dell.com/techcenter/extras/m/white_papers/20441859\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/97520\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]}]}}"
  }
}

CNVD-2017-07356

Vulnerability from cnvd - Published: 2017-05-24

Title

Dell Integrated Remote Access Controller跨站脚本漏洞（CNVD-2017-07356 ）

Description

Dell Integrated Remote Access Controller（iDRAC）6、7和8都是美国戴尔（Dell）公司的包含硬件和软件的系统管理解决方案。该方案为Dell PowerEdge系统提供远程管理、崩溃系统恢复和电源控制等功能。 Dell iDRAC 6 2.85之前的版本、7和8 2.30.30.30之前的版本中存在跨站脚本漏洞。远程攻击者可利用该漏洞注入任意的Web脚本或HTML。

Severity

中

Patch Name

Dell Integrated Remote Access Controller跨站脚本漏洞（CNVD-2017-07356 ）的补丁

Patch Description

Formal description

目前厂商已经发布了升级补丁以修复此安全问题，补丁获取链接： http://en.community.dell.com/techcenter/extras/m/white_papers/20441859

Reference

http://en.community.dell.com/techcenter/extras/m/white_papers/20441859

Impacted products

Name
['Dell Integrated Remote Access Controller 7 <2.30.30.30', 'Dell Integrated Remote Access Controller 8 <2.30.30.30', 'Dell Integrated Remote Access Controller 6 <2.85']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2015-7275"
    }
  },
  "description": "Dell Integrated Remote Access Controller\uff08iDRAC\uff096\u30017\u548c8\u90fd\u662f\u7f8e\u56fd\u6234\u5c14\uff08Dell\uff09\u516c\u53f8\u7684\u5305\u542b\u786c\u4ef6\u548c\u8f6f\u4ef6\u7684\u7cfb\u7edf\u7ba1\u7406\u89e3\u51b3\u65b9\u6848\u3002\u8be5\u65b9\u6848\u4e3aDell PowerEdge\u7cfb\u7edf\u63d0\u4f9b\u8fdc\u7a0b\u7ba1\u7406\u3001\u5d29\u6e83\u7cfb\u7edf\u6062\u590d\u548c\u7535\u6e90\u63a7\u5236\u7b49\u529f\u80fd\u3002\r\n\r\nDell iDRAC 6 2.85\u4e4b\u524d\u7684\u7248\u672c\u30017\u548c8 2.30.30.30\u4e4b\u524d\u7684\u7248\u672c\u4e2d\u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6ce8\u5165\u4efb\u610f\u7684Web\u811a\u672c\u6216HTML\u3002",
  "discovererName": "Dell",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttp://en.community.dell.com/techcenter/extras/m/white_papers/20441859",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-07356",
  "openTime": "2017-05-24",
  "patchDescription": "Dell Integrated Remote Access Controller\uff08iDRAC\uff096\u30017\u548c8\u90fd\u662f\u7f8e\u56fd\u6234\u5c14\uff08Dell\uff09\u516c\u53f8\u7684\u5305\u542b\u786c\u4ef6\u548c\u8f6f\u4ef6\u7684\u7cfb\u7edf\u7ba1\u7406\u89e3\u51b3\u65b9\u6848\u3002\u8be5\u65b9\u6848\u4e3aDell PowerEdge\u7cfb\u7edf\u63d0\u4f9b\u8fdc\u7a0b\u7ba1\u7406\u3001\u5d29\u6e83\u7cfb\u7edf\u6062\u590d\u548c\u7535\u6e90\u63a7\u5236\u7b49\u529f\u80fd\u3002\r\n\r\nDell iDRAC 6 2.85\u4e4b\u524d\u7684\u7248\u672c\u30017\u548c8 2.30.30.30\u4e4b\u524d\u7684\u7248\u672c\u4e2d\u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6ce8\u5165\u4efb\u610f\u7684Web\u811a\u672c\u6216HTML\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Dell Integrated Remote Access Controller\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff08CNVD-2017-07356 \uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Dell Integrated Remote Access Controller 7 \u003c2.30.30.30",
      "Dell Integrated Remote Access Controller 8 \u003c2.30.30.30",
      "Dell Integrated Remote Access Controller 6 \u003c2.85"
    ]
  },
  "referenceLink": "http://en.community.dell.com/techcenter/extras/m/white_papers/20441859",
  "serverity": "\u4e2d",
  "submitTime": "2017-05-19",
  "title": "Dell Integrated Remote Access Controller\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff08CNVD-2017-07356 \uff09"
}

GSD-2015-7275

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

Dell Integrated Remote Access Controller (iDRAC) 6 before 2.85 and 7/8 before 2.30.30.30 has XSS.

Aliases

CVE-2015-7275

Aliases

CVE-2015-7275

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2015-7275",
    "description": "Dell Integrated Remote Access Controller (iDRAC) 6 before 2.85 and 7/8 before 2.30.30.30 has XSS.",
    "id": "GSD-2015-7275"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2015-7275"
      ],
      "details": "Dell Integrated Remote Access Controller (iDRAC) 6 before 2.85 and 7/8 before 2.30.30.30 has XSS.",
      "id": "GSD-2015-7275",
      "modified": "2023-12-13T01:20:01.363252Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cert@cert.org",
        "ID": "CVE-2015-7275",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Dell Integrated Remote Access Controller (iDRAC)",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Dell Integrated Remote Access Controller (iDRAC)"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Dell Integrated Remote Access Controller (iDRAC) 6 before 2.85 and 7/8 before 2.30.30.30 has XSS."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "XSS"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://en.community.dell.com/techcenter/extras/m/white_papers/20441859",
            "refsource": "MISC",
            "url": "http://en.community.dell.com/techcenter/extras/m/white_papers/20441859"
          },
          {
            "name": "97520",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/97520"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:dell:integrated_remote_access_controller_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "2.21.21.21",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:dell:integrated_remote_access_controller_8:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:dell:integrated_remote_access_controller_7:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:dell:integrated_remote_access_controller_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "2.80",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:dell:integrated_remote_access_controller_6:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cert@cert.org",
          "ID": "CVE-2015-7275"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Dell Integrated Remote Access Controller (iDRAC) 6 before 2.85 and 7/8 before 2.30.30.30 has XSS."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-79"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://en.community.dell.com/techcenter/extras/m/white_papers/20441859",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://en.community.dell.com/techcenter/extras/m/white_papers/20441859"
            },
            {
              "name": "97520",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/97520"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 2.7
        }
      },
      "lastModifiedDate": "2017-04-14T13:40Z",
      "publishedDate": "2017-04-10T03:59Z"
    }
  }
}

GHSA-P9C8-PC7Q-Q885

Vulnerability from github – Published: 2022-05-17 02:50 – Updated: 2022-05-17 02:50

Details

Dell Integrated Remote Access Controller (iDRAC) 6 before 2.85 and 7/8 before 2.30.30.30 has XSS.

Severity ?

6.1 (Medium)


                  
                    CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2015-7275"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-04-10T03:59:00Z",
    "severity": "MODERATE"
  },
  "details": "Dell Integrated Remote Access Controller (iDRAC) 6 before 2.85 and 7/8 before 2.30.30.30 has XSS.",
  "id": "GHSA-p9c8-pc7q-q885",
  "modified": "2022-05-17T02:50:23Z",
  "published": "2022-05-17T02:50:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-7275"
    },
    {
      "type": "WEB",
      "url": "http://en.community.dell.com/techcenter/extras/m/white_papers/20441859"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/97520"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

VAR-201704-0168

Vulnerability from variot - Updated: 2023-12-18 12:51

Dell Integrated Remote Access Controller (iDRAC) 6 before 2.85 and 7/8 before 2.30.30.30 has XSS. Dell iDRAC6 , iDRAC7 and iDRAC8 Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. Multiple Dell iDRAC products are prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks. The following products are vulnerable: Dell iDRAC6 versions prior to 2.85 Dell iDRAC7 versions prior to 2.30.30.30 Dell iDRAC8 versions prior to 2.30.30.30. This solution provides functions such as remote management, crash recovery and power control for Dell PowerEdge systems. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201704-0168",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "integrated remote access controller",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "dell",
        "version": "2.80"
      },
      {
        "model": "integrated remote access controller",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "dell",
        "version": "2.21.21.21"
      },
      {
        "model": "idrac6",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "dell",
        "version": "2.85"
      },
      {
        "model": "idrac7",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "dell",
        "version": "2.30.30.30"
      },
      {
        "model": "idrac8",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "dell",
        "version": "2.30.30.30"
      },
      {
        "model": "integrated remote access controller",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "dell",
        "version": "2.21.21.21"
      },
      {
        "model": "integrated remote access controller",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "dell",
        "version": "2.80"
      },
      {
        "model": "idrac8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "dell",
        "version": "2.30"
      },
      {
        "model": "idrac7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "dell",
        "version": "2.30"
      },
      {
        "model": "idrac7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "dell",
        "version": "1.57.57"
      },
      {
        "model": "idrac7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "dell",
        "version": "1.56.55"
      },
      {
        "model": "idrac6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "dell",
        "version": "2.80"
      },
      {
        "model": "idrac6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "dell",
        "version": "1.95"
      },
      {
        "model": "idrac6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "dell",
        "version": "1.7"
      },
      {
        "model": "idrac6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "dell",
        "version": "1.41"
      },
      {
        "model": "idrac8",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "dell",
        "version": "2.30.30.30"
      },
      {
        "model": "idrac7",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "dell",
        "version": "2.30.30.30"
      },
      {
        "model": "idrac6",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "dell",
        "version": "2.85"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "97520"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007499"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-7275"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-532"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:dell:integrated_remote_access_controller_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "2.21.21.21",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:dell:integrated_remote_access_controller_8:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:dell:integrated_remote_access_controller_7:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:dell:integrated_remote_access_controller_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "2.80",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:dell:integrated_remote_access_controller_6:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-7275"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Google Infrastructure Security Assurance",
    "sources": [
      {
        "db": "BID",
        "id": "97520"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2015-7275",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 4.3,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2015-7275",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "VHN-85236",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 2.8,
            "impactScore": 2.7,
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 6.1,
            "baseSeverity": "Medium",
            "confidentialityImpact": "Low",
            "exploitabilityScore": null,
            "id": "CVE-2015-7275",
            "impactScore": null,
            "integrityImpact": "Low",
            "privilegesRequired": "None",
            "scope": "Changed",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2015-7275",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201704-532",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-85236",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2015-7275",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-85236"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-7275"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007499"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-7275"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-532"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Dell Integrated Remote Access Controller (iDRAC) 6 before 2.85 and 7/8 before 2.30.30.30 has XSS. Dell iDRAC6 , iDRAC7 and iDRAC8 Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. Multiple Dell iDRAC products are prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. \nAn attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks. \nThe following products are vulnerable:\nDell iDRAC6 versions prior to 2.85\nDell iDRAC7 versions prior to 2.30.30.30\nDell iDRAC8 versions prior to 2.30.30.30. This solution provides functions such as remote management, crash recovery and power control for Dell PowerEdge systems. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-7275"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007499"
      },
      {
        "db": "BID",
        "id": "97520"
      },
      {
        "db": "VULHUB",
        "id": "VHN-85236"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-7275"
      }
    ],
    "trust": 2.07
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2015-7275",
        "trust": 2.9
      },
      {
        "db": "BID",
        "id": "97520",
        "trust": 1.5
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007499",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-532",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-85236",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-7275",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-85236"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-7275"
      },
      {
        "db": "BID",
        "id": "97520"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007499"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-7275"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-532"
      }
    ]
  },
  "id": "VAR-201704-0168",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-85236"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T12:51:21.096000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Dell iDRAC Response to CVE (Common Vulnerabilities and Exposures) ID CVE-2015-7270, 7271, 7272, 7273, 7274, and 7275 - 2 DEC 2015",
        "trust": 0.8,
        "url": "http://en.community.dell.com/techcenter/extras/m/white_papers/20441859"
      },
      {
        "title": "Dell Integrated Remote Access Controller 6 , 7  and 8 Fixes for cross-site scripting vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=70166"
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/chnzzh/idrac-cve-lib "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2015-7275"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007499"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-532"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-79",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-85236"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007499"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-7275"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.1,
        "url": "http://en.community.dell.com/techcenter/extras/m/white_papers/20441859"
      },
      {
        "trust": 1.3,
        "url": "http://www.securityfocus.com/bid/97520"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7275"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7275"
      },
      {
        "trust": 0.3,
        "url": "http://dell.com"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/79.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/chnzzh/idrac-cve-lib"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-85236"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-7275"
      },
      {
        "db": "BID",
        "id": "97520"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007499"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-7275"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-532"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-85236"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-7275"
      },
      {
        "db": "BID",
        "id": "97520"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007499"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-7275"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-532"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-04-10T00:00:00",
        "db": "VULHUB",
        "id": "VHN-85236"
      },
      {
        "date": "2017-04-10T00:00:00",
        "db": "VULMON",
        "id": "CVE-2015-7275"
      },
      {
        "date": "2017-04-10T00:00:00",
        "db": "BID",
        "id": "97520"
      },
      {
        "date": "2017-05-15T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-007499"
      },
      {
        "date": "2017-04-10T03:59:00.890000",
        "db": "NVD",
        "id": "CVE-2015-7275"
      },
      {
        "date": "2017-04-09T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201704-532"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-04-14T00:00:00",
        "db": "VULHUB",
        "id": "VHN-85236"
      },
      {
        "date": "2017-04-14T00:00:00",
        "db": "VULMON",
        "id": "CVE-2015-7275"
      },
      {
        "date": "2017-04-11T00:04:00",
        "db": "BID",
        "id": "97520"
      },
      {
        "date": "2017-05-15T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-007499"
      },
      {
        "date": "2017-04-14T13:40:12.583000",
        "db": "NVD",
        "id": "CVE-2015-7275"
      },
      {
        "date": "2017-05-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201704-532"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-532"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "plural  Dell iDRAC Product cross-site scripting vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007499"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "XSS",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-532"
      }
    ],
    "trust": 0.6
  }
}

FKIE_CVE-2015-7275

Vulnerability from fkie_nvd - Published: 2017-04-10 03:59 - Updated: 2025-04-20 01:37

Severity ?

6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

Dell Integrated Remote Access Controller (iDRAC) 6 before 2.85 and 7/8 before 2.30.30.30 has XSS.

References

URL	Tags
cret@cert.org	http://en.community.dell.com/techcenter/extras/m/white_papers/20441859	Vendor Advisory
cret@cert.org	http://www.securityfocus.com/bid/97520	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://en.community.dell.com/techcenter/extras/m/white_papers/20441859	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/97520	Third Party Advisory, VDB Entry

Impacted products

Vendor	Product	Version
dell	integrated_remote_access_controller_firmware	*
dell	integrated_remote_access_controller_7	-
dell	integrated_remote_access_controller_8	-
dell	integrated_remote_access_controller_firmware	*
dell	integrated_remote_access_controller_6	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dell:integrated_remote_access_controller_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E3C465B-5015-45C6-A75A-BFCC92D18AB8",
              "versionEndIncluding": "2.21.21.21",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dell:integrated_remote_access_controller_7:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB7BB99B-2CD4-4167-856B-1A0F4AA11926",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:dell:integrated_remote_access_controller_8:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC18FF25-08D2-491B-9F7E-CBA00DDCA3A6",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dell:integrated_remote_access_controller_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F02C477-BE90-4FB7-B97D-7097B5EFE635",
              "versionEndIncluding": "2.80",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dell:integrated_remote_access_controller_6:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFAED22C-96DC-4DE3-81A7-A23042874C67",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Dell Integrated Remote Access Controller (iDRAC) 6 before 2.85 and 7/8 before 2.30.30.30 has XSS."
    },
    {
      "lang": "es",
      "value": "Dell Integrated Remote Access Controller (iDRAC) 6 en versiones anteriores a 2.85 y 7/8 en versiones anteriores a 2.30.30.30 tiene XSS."
    }
  ],
  "id": "CVE-2015-7275",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-04-10T03:59:00.890",
  "references": [
    {
      "source": "cret@cert.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://en.community.dell.com/techcenter/extras/m/white_papers/20441859"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/97520"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://en.community.dell.com/techcenter/extras/m/white_papers/20441859"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/97520"
    }
  ],
  "sourceIdentifier": "cret@cert.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2015-7275 (GCVE-0-2015-7275)

CNVD-2017-07356

GSD-2015-7275

GHSA-P9C8-PC7Q-Q885

VAR-201704-0168

FKIE_CVE-2015-7275

Tags

Sightings

Nomenclature